French police and the national meteorological agency Météo-France are investigating a suspected physical manipulation of a weather sensor at Charles de Gaulle Airport after anonymous traders won approximately $34,000 on Polymarket by betting on temperature outcomes that materialized only when the sensor inexplicably spiked by four to five degrees Celsius within minutes.
The operating theory, circulating across Polymarket forums and now under active investigation by the Air Transport Gendarmerie Brigade at Roissy, is almost comically low-tech: someone with a battery-powered hairdryer walked to a publicly accessible weather station on the perimeter of the airport, applied heat directly to the sensor, and caused it to register temperatures well above what the surrounding air actually was. On April 6, the sensor spiked to 21°C despite ambient conditions sitting around 14-16°C, briefly crossing the threshold that Polymarket used to settle its "highest temperature in Paris" contracts. An account called "Hoaqin," opened just days before the event, bet on the 21°C outcome when market consensus gave it almost no probability, and won approximately $14,000. On April 15, a second spike drove temperatures to 22°C, triggering payouts for accounts that had placed nearly impossible-looking bets at fractions of a cent on the dollar. A single account known as "xX25Xx" walked away with $21,398 from a $119 position. Three separate wallets earned more than $280,000 combined that evening from the temperature anomaly, on a day when over $500,000 was wagered across Paris temperature markets.
Polymarket resolves its weather contracts by pulling data directly from official government sources , in this case, the Météo-France sensor feed for station LFPG at Charles de Gaulle. That sensor, as The Guardian noted following the investigation, sits on a public road near the airport perimeter. No fence, no security camera coverage designed to protect a meteorological instrument, no redundancy check against neighboring sensors before settlement. The blockchain layer of Polymarket's operation , the smart contracts, the UMA dispute resolution system, the immutable settlement ledger , is entirely irrelevant to what happened here. The attack happened upstream of all of it, in the physical world, with a device available at any pharmacy for under thirty euros.
This is what security researchers call a "physical oracle attack," and it exposes a structural vulnerability in any prediction market that relies on a single real-world data source for settlement. The smart contract can be audited to perfection; the sensor cannot. Polymarket has been aware of oracle risk in the abstract for some time: in 2025, the platform faced a $7 million governance attack in which a concentrated holder of UMA tokens manipulated oracle voting to falsely resolve a contract about a Ukraine mineral deal, shifting odds from 9% to 100% using 25% of total voting power. That attack was sophisticated, technically complex, and expensive to execute. The hairdryer attack cost almost nothing.
Polymarket's Ambitions and Its Data Problem
The timing is uncomfortable for Polymarket. On April 2, the platform announced integration of Pyth Network's oracle services as a new settlement data source for traditional asset-related prediction events , a move designed to signal that the platform is taking data integrity seriously as it scales. Pyth is a robust, aggregated price feed that draws from dozens of market-makers simultaneously, making single-source manipulation effectively impossible for financial market data. Temperature readings at a single airport are an entirely different problem. Aggregating meteorological data across multiple sensors before settlement, or introducing a dispute window that flags statistical outliers against nearby readings, would add meaningful friction to the hairdryer attack vector. Polymarket has moved the Charles de Gaulle sensor to a new location following the incidents, but has not paused its Paris temperature markets.
That last detail matters. Météo-France has filed a formal criminal complaint, French authorities are investigating, and the platform in question is still accepting bets on the same underlying data source that was allegedly compromised twice in nine days. That is a product decision, not just a security observation, and it reflects a tension that runs through the prediction market business model: the markets that generate the most organic engagement are often weather, sports, and local events , precisely the categories where data sources are least resistant to low-cost physical interference. Financial and political markets benefit from aggregated data, competing sources, and institutional scrutiny. A single government weather sensor near a public road has none of those protections.
What Comes Next
The broader implication reaches beyond Polymarket. Decentralized prediction markets have spent years building credibility as a tool for aggregating real-world knowledge, pricing uncertainty, and creating financial instruments around outcomes that traditional markets cannot address. The oracle layer , the bridge between on-chain contracts and off-chain reality , has always been the weakest point in that architecture, and the hairdryer incident illustrates why in terms that anyone can understand. Blockchain security guarantees cryptographic integrity within the system. It provides no protection against manipulation occurring outside it. Solving that problem at scale, across hundreds of data categories and thousands of event types, is the defining infrastructure challenge for prediction markets in 2026. A criminal complaint in Paris and a relocated sensor are a start. They are not a solution.
Also read: Xpeng's CEO just bet his head of autonomous driving a naked sprint across the Golden Gate Bridge that VLA beats Tesla FSD by August • US envoys are flying to Pakistan today but Iran says no meeting is planned and the Hormuz standoff is deepening • The race to launch America's first BNB ETF is a test of how far the SEC's crypto approval streak will go
